cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r870602 - in /websites/production/cxf/content: cache/docs.pageCache docs/security.html
Date Mon, 22 Jul 2013 15:48:02 GMT
Author: buildbot
Date: Mon Jul 22 15:48:01 2013
New Revision: 870602

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/security.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/security.html
==============================================================================
--- websites/production/cxf/content/docs/security.html (original)
+++ websites/production/cxf/content/docs/security.html Mon Jul 22 15:48:01 2013
@@ -130,7 +130,7 @@ Apache CXF -- Security
 <div id="ConfluenceContent"><p><span style="font-size:2em;font-weight:bold">
Securing CXF Services </span></p>
 
 <div>
-<ul><li><a shape="rect" href="#Security-Securetransports">Secure transports</a></li><ul><li><a
shape="rect" href="#Security-HTTPS">HTTPS</a></li></ul><li><a
shape="rect" href="#Security-WS%5CSecurity%28includingUsernameTokenandX.509Tokenprofiles%29">WS-*
Security (including UsernameToken and X.509 Token profiles)</a></li><li><a
shape="rect" href="#Security-WSTrust%2CSTS">WS-Trust, STS</a></li><li><a
shape="rect" href="#Security-SAMLWebSSO">SAML Web SSO</a></li><li><a
shape="rect" href="#Security-OAuth">OAuth</a></li><li><a shape="rect"
href="#Security-Authentication">Authentication</a></li><ul><li><a
shape="rect" href="#Security-JAASLoginInterceptor">JAASLoginInterceptor</a></li><li><a
shape="rect" href="#Security-Kerberos">Kerberos</a></li></ul><li><a
shape="rect" href="#Security-Authorization">Authorization</a></li><li><a
shape="rect" href="#Security-ControllingLargeRequestPayloads">Controlling Large Request
Payloads</a></li><ul><li><a shape="rect" href="#Security-XML">XML</a></li
 ><li><a shape="rect" href="#Security-Multiparts">Multiparts</a></li></ul><li><a
shape="rect" href="#Security-Largedatastreamcaching">Large data stream caching</a></li></ul></div>
+<ul><li><a shape="rect" href="#Security-Securetransports">Secure transports</a></li><ul><li><a
shape="rect" href="#Security-HTTPS">HTTPS</a></li></ul><li><a
shape="rect" href="#Security-WS%5CSecurity%28includingUsernameTokenandX.509Tokenprofiles%29">WS-*
Security (including UsernameToken and X.509 Token profiles)</a></li><li><a
shape="rect" href="#Security-WSTrust%2CSTS">WS-Trust, STS</a></li><li><a
shape="rect" href="#Security-SAMLWebSSO">SAML Web SSO</a></li><li><a
shape="rect" href="#Security-OAuth">OAuth</a></li><li><a shape="rect"
href="#Security-Authentication">Authentication</a></li><ul><li><a
shape="rect" href="#Security-JAASLoginInterceptor">JAASLoginInterceptor</a></li><li><a
shape="rect" href="#Security-Kerberos">Kerberos</a></li></ul><li><a
shape="rect" href="#Security-Authorization">Authorization</a></li><li><a
shape="rect" href="#Security-ControllingLargeRequestPayloads">Controlling Large Request
Payloads</a></li><ul><li><a shape="rect" href="#Security-XML">XML</a></li
 ><li><a shape="rect" href="#Security-XMLCXFversionspriorto2.7.4">XML - CXF
versions prior to 2.7.4</a></li><li><a shape="rect" href="#Security-Multiparts">Multiparts</a></li></ul><li><a
shape="rect" href="#Security-Largedatastreamcaching">Large data stream caching</a></li></ul></div>
 
 <h1><a shape="rect" name="Security-Securetransports"></a>Secure transports</h1>
 
@@ -260,6 +260,19 @@ Apache CXF -- Security
 
 <h2><a shape="rect" name="Security-XML"></a>XML</h2>
 
+<p>Starting with CXF 2.7.4, CXF now requires use of a StAX parser that can provide
fine grained control over the size of the incoming XML.   The only parser that will currently
work is Woodstox 4.2 or newer.   The main reason is there are a series of DOS attacks that
can only be prevented at the StAX parser level.   There is a "org.apache.cxf.stax.allowInsecureParser"
System Property that can be set to true to allow using an insecure parser, but that is HIGHLY
not recommended and doing so would also now allow the settings described in this section.</p>
+
+<p>CXF has several default settings that will prevent malicious XML from causing various
DOS failures.   You can override the default values if you know you will have incoming XML
that will exceed these limits.   These settings can be set as Bus level properties, endpoint
level properties, or even per request via an interceptor. </p>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">Setting</th><th colspan="1" rowspan="1" class="confluenceTh">Default</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxChildElements</td><td
colspan="1" rowspan="1" class="confluenceTd">50000</td><td colspan="1" rowspan="1"
class="confluenceTd">Maximum number of child elements for a given parent element</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxElementDepth</td><td
colspan="1" rowspan="1" class="confluenceTd">100</td><td colspan="1" rowspan="1"
class="confluenceTd">Maximum depth of an element</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxAttributeCount</td><td
colspan="1" rowspan="1" class="confluenceTd">500</td><td colspan="1" rowspan="1"
class="confluenceTd">Maximum number of attributes on a single element</td></
 tr><tr><td colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxAttributeSize</td><td
colspan="1" rowspan="1" class="confluenceTd">64K</td><td colspan="1" rowspan="1"
class="confluenceTd">Maximum size of a single attribute</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxTextLength</td><td
colspan="1" rowspan="1" class="confluenceTd">128M</td><td colspan="1" rowspan="1"
class="confluenceTd">Maximum size of an elements text value</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxElementCount</td><td
colspan="1" rowspan="1" class="confluenceTd">Long.MAX_VALUE</td><td colspan="1"
rowspan="1" class="confluenceTd">Maximum total number of elements in the XML document</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">org.apache.cxf.stax.maxXMLCharacters</td><td
colspan="1" rowspan="1" class="confluenceTd">Long.MAX_VALUE</td><td colspan="1"
rowspan="1" class="confluenceTd">Maximum total number 
 of characters parsed by the parser</td></tr></tbody></table>
+</div>
+
+
+
+
+<h2><a shape="rect" name="Security-XMLCXFversionspriorto2.7.4"></a>XML
- CXF versions prior to 2.7.4</h2>
+
 <p>Endpoints expecting XML payloads may get <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/DepthRestrictingStreamInterceptor.java">DepthRestrictingInterceptor</a>
registered and configured in order to control the limits a given XML payload may not exceed.
This can be useful in a variety of cases in order to protect against massive payloads which
can potentially cause the denial-of-service situation or simply slow the service down a lot.</p>
 
 <p>The complete number of XML elements, the number of immediate children of a given
XML element may contain and the stack depth of the payload can be restricted, for example:</p>



Mime
View raw message